VU#163057: BMC software fails to validate IPMI session. | allinfosecnews.com

April 30, 2024, 6:39 p.m. |

CERT Recently Published Vulnerability Notes kb.cert.org

Overview

The Intelligent Platform Management Interface (IPMI) implementations in multiple manufacturer's Baseboard Management Controller (BMC) software are vulnerable to IPMI session hijacking. An attacker with access to the BMC network (with IPMI enabled) can abuse the lack of session integrity to hijack sessions and execute arbitrary IPMI commands on the BMC.

Description

IPMI is a computer interface specification that provides a low-level management capability independent of hardware, firmware, or operating system. IPMI is supported by many BMC manufacturers to allow …

abuse access attacker baseboard management controller bmc can controller hijack hijacking integrity interface ipmi management manufacturer network platform session session hijacking sessions software vulnerable

More from kb.cert.org / CERT Recently Published Vulnerability Notes

VU#163057: BMC software fails to validate IPMI session. 3 weeks ago | kb.cert.org

abuse access attacker baseboard management controller +17

VU#238194: R Programming Language implementations are vulnerable to arbitrary code execution during deserialization of .rds … 3 weeks ago | kb.cert.org

arbitrary code arbitrary code execution attacker can +15

VU#253266: Keras 2 Lambda Layers Allow Arbitrary Code Injection in TensorFlow Models 1 month ago | kb.cert.org

application arbitrary code attacker attackers +14

VU#123335: Multiple Programming Languages Fail to Escape Arguments Properly in Microsoft Windows 1 month, 1 week ago | kb.cert.org

arbitrary code attackers cases code +15

VU#155143: Linux kernel on Intel systems is susceptible to Spectre v2 attacks 1 month, 1 week ago | kb.cert.org

architectures attacker attacks bhi +20

VU#421644: HTTP/2 CONTINUATION frames can be utilized for DoS attacks 1 month, 2 weeks ago | kb.cert.org

attacks can dos fragments +6

VU#417980: UDP-based, application-layer protocol implementations are vulnerable to network loops 2 months ago | kb.cert.org

abuse application applications attacker +18

VU#488902: CPU hardware utilizing speculative execution may be vulnerable to speculative race conditions 2 months, 1 week ago | kb.cert.org

architectures attacker can conditions +13

VU#949046: Sceiner firmware locks and associated devices are vulnerable to encryption downgrade and arbitrary file … 2 months, 2 weeks ago | kb.cert.org

app attacks bluetooth called +11

Sr. Product Manager

@ MixMode | Remote, US

View on infosec-jobs.com

Information Security Engineers

@ D. E. Shaw Research | New York City

View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada

View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA

View on infosec-jobs.com

PNT/NAVWAR Space Electronic Warfare Instructor II – Officer Training Course

@ Aleut Federal | Colorado Springs, Colorado, United States

View on infosec-jobs.com

Sr Director, Cybersecurity SIRT

@ Workday | USA, VA, McLean

View on infosec-jobs.com